PT-2025-11257 · Purethemes · The Realteo - Real Estate Plugin
Tonn · Published 2025-03-14 · Updated 2025-03-14 · CVE-2025-2232
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
The Realteo - Real Estate Plugin by Purethemes versions 1.2.8 and earlier
Description:
The issue is due to insufficient role restrictions in the do_register_user function, making it possible for unauthenticated attackers to register an account with the Administrator role. This allows attackers to bypass authentication.
Recommendations:
For versions 1.2.8 and earlier, update to a version later than 1.2.8 to resolve the issue.
As a temporary workaround, consider disabling the do_register_user function until a patch is available.
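A site-level guard for the role restriction described above, written as a WordPress must-use plugin. This is an added example, not Purethemes code and not the vendor fix. The `rrg_` names and the allowed role list are assumptions to adapt per site, and it assumes the role is assigned through `WP_User::set_role()`, which is where WordPress core fires the `set_user_role` action.

```php
<?php
/**
 * Plugin Name: Anonymous registration role guard (added example)
 * Description: Resets any role outside an allowlist when it is assigned
 *              by a request that has no user-management capability.
 * Install as:  wp-content/mu-plugins/registration-role-guard.php
 */

// Assumption: the only roles a self-service sign-up on this site may receive.
const RRG_ALLOWED_ROLES = array( 'subscriber' );
// Role applied when a disallowed role is requested.
const RRG_FALLBACK_ROLE = 'subscriber';

// Core fires set_user_role at the end of WP_User::set_role(), which
// wp_insert_user() calls for new accounts.
add_action( 'set_user_role', 'rrg_check_role_change', 10, 3 );

function rrg_check_role_change( $user_id, $role, $old_roles ) {
	// Changes made by someone allowed to manage users are left alone.
	// current_user_can() is false for unauthenticated requests.
	if ( current_user_can( 'promote_users' ) || current_user_can( 'create_users' ) ) {
		return;
	}
	// Operator tooling and scheduled jobs are not web sign-ups.
	if ( ( defined( 'WP_CLI' ) && WP_CLI ) || wp_doing_cron() ) {
		return;
	}
	// Role removal and allowlisted roles pass. The fallback role always
	// passes, which also stops this hook from recursing on itself.
	if ( '' === (string) $role
		|| RRG_FALLBACK_ROLE === $role
		|| in_array( $role, RRG_ALLOWED_ROLES, true ) ) {
		return;
	}

	$user = get_userdata( $user_id );
	if ( ! $user ) {
		return;
	}
	// set_role() replaces every role the account holds with the fallback.
	$user->set_role( RRG_FALLBACK_ROLE );

	// sanitize_key() keeps request-supplied text from injecting log lines.
	error_log( sprintf(
		'role guard: user %d was assigned role "%s" without authorization; reset to "%s"',
		(int) $user_id,
		sanitize_key( $role ),
		RRG_FALLBACK_ROLE
	) );
}
```

Each log entry from this guard marks an account that asked for a role it should not have had, so those user IDs are worth reviewing alongside any existing Administrator accounts created while a vulnerable version was installed.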
Improper Privilege Management
Affected Products
The Realteo - Real Estate Plugin